Text-Message Exploit Can Hijack Every iPhone, Researchers Say

Security researchers plan to reveal a security hole that would enable hackers to take complete control of an iPhone with a text-messaging attack.

Security researchers Charlie Miller and Collin Mulliner will publicize the exploit Thursday at the Black Hat cybersecurity conference, according to Forbes. The researchers said the hack involves sending a series of mostly invisible SMS bursts that effectively hijack an iPhone. From thereon, a hacker could control all the functions on the iPhone, such as e-mailing, dialing contacts — and, most alarmingly, sending more text messages to hijack even more iPhones.

How can you know if you’re being SMS attacked? According to Miller, one giveaway is if you receive a text message containing a single square character. If that happens, he suggests you immediately turn off your iPhone.

“This is serious,” Miller told Forbes. “The only thing you can do to prevent it is turn off your phone. Someone could pretty quickly take over every iPhone in the world with this.”

Though many customers hail the iPhone as one of the most well designed and versatile smartphones, security researchers have criticized the phone for its weak security. For example, Wired.com recently reported on forensics researcher Jonathan Zdziarski’s discovery that the new iPhone 3GS’ data encryption can be cracked in a few minutes with free software. Because of this flaw, Zdziarski recommended against the iPhone being used by businesses.

Miller and Mulliner said they contacted Apple about the SMS exploit a month ago, but the company has not released a software update to fix the issue. Apple did not immediately respond to Wired.com’s request for comment.

Though the researchers informed Forbes of the SMS exploit, it’s worth noting they did not demonstrate it to Forbes. We’ll be convinced this is true once we see it.

Here’s The Thing With Ad Blockers

We get it: Ads aren’t what you’re here for. But ads help us keep the lights on. So, add us to your ad blocker’s whitelist or pay $1 per week for an ad-free version of WIRED. Either way, you are supporting our journalism. We’d really appreciate it.